Study guide for students and postgraduates. Taganrog, 2008
Page 4 of 16. Date: 06.09.2012. Size: 1.67 MB. Type: study guide.

Text 2. Symmetric Key Encryption Algorithms. Public Key Algorithms. Cryptographic Hash Algorithms. Read the text and write out the facts that are new for you.


The use, export, and/or import of implementations of encryption algorithms are restricted in many countries, and the laws can change quite rapidly. Find out what the rules are before trying to build applications using cryptography.

For secret key (bulk data) encryption algorithms, use only encryption algorithms that have been openly published and withstood years of attack, and check on their patent status. We would recommend using the new Advanced Encryption Standard (AES), also known as Rijndael -- a number of cryptographers have analyzed it and not found any serious weakness in it, and we believe it has been through enough analysis to be trustworthy now. However, in August 2002 researchers Fuller and Millar discovered a mathematical property of the cipher that, while not an attack, might be exploitable into an attack (the approach may actually have serious consequences for some other algorithms, too). A good alternative to AES is the Serpent algorithm, which is slightly slower but is very resistant to attack. For many applications triple-DES is a very good encryption algorithm; it has a reasonably lengthy key (112 bits), no patent issues, and a very long history of withstanding attacks (it's withstood attacks far longer than any other encryption algorithm with reasonable key length in the public literature, so it's probably the safest publicly-available symmetric encryption algorithm when properly implemented). However, triple-DES is very slow when implemented in software, so triple-DES can be considered ``safest but slowest.'' Twofish appears to be a good encryption algorithm, but there are some lingering questions - Sean Murphy and Fauzan Mirza showed that Twofish has properties that cause many academics to be concerned (though as of yet no one has managed to exploit these properties). MARS is highly resistant to ``new and novel'' attacks, but it's more complex and is impractical on small-ability smartcards. Your protocol should support multiple encryption algorithms, anyway; that way, when an encryption algorithm is broken, users can switch to another one.

For symmetric-key encryption (e.g., for bulk encryption), don't use a key length less than 90 bits if you want the information to stay secret through 2016 (add another bit for every additional 18 months of security) [Blaze 1996]. For encrypting worthless data, the old DES algorithm has some value, but with modern hardware it's too easy to break DES's 56-bit key using brute force. If you're using DES, don't just use the ASCII text key as the key - parity is in the least (not most) significant bit, so most DES algorithms will encrypt using a key value well-known to adversaries; instead, create a hash of the key and set the parity bits correctly (and pay attention to error reports from your encryption routine). So-called ``exportable'' encryption algorithms only have effective key lengths of 40 bits, and are essentially worthless; in 1996 an attacker could spend $10,000 to break such keys in twelve minutes or use idle computer time to break them in a few days, with the time-to-break halving every 18 months in either case.
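The parity-bit advice in the paragraph above, as an added Python example (not code from the original text): hash the passphrase instead of feeding its ASCII bytes in as the key, then fix the parity bit, which DES keeps in the least significant bit of every key byte. The use of SHA-256 and the sample passphrase are assumptions; the Python standard library ships no DES, so the block only prepares and checks key material.

```python
import hashlib

# Added example (not from the original text): derive DES / triple-DES key bytes
# from a passphrase by hashing it rather than using its ASCII bytes directly,
# then set every byte's parity bit. DES stores parity in the least significant
# bit of each key byte and expects every byte to have odd parity.

def set_odd_parity(key: bytes) -> bytes:
    """Return key with bit 0 of each byte adjusted so the byte has odd parity."""
    out = bytearray()
    for b in key:
        key_bits = b & 0xFE                      # the 7 real key bits
        ones = bin(key_bits).count("1")
        out.append(key_bits | (0 if ones % 2 else 1))  # make the total odd
    return bytes(out)

def has_odd_parity(key: bytes) -> bool:
    """True when every byte has an odd number of 1-bits (what DES expects)."""
    return all(bin(b).count("1") % 2 == 1 for b in key)

def des_key_from_passphrase(passphrase: str, key_bytes: int = 24) -> bytes:
    """Hash the passphrase (SHA-256 is an assumption here), take 8 bytes for
    DES or 16/24 for two- or three-key triple-DES, and fix the parity bits."""
    if key_bytes not in (8, 16, 24):
        raise ValueError("DES keys are 8 bytes; triple-DES keys are 16 or 24")
    digest = hashlib.sha256(passphrase.encode("utf-8")).digest()
    return set_odd_parity(digest[:key_bytes])

if __name__ == "__main__":
    print(has_odd_parity(b"password"))             # False: raw ASCII text fails
    print(has_odd_parity(des_key_from_passphrase("correct horse")))  # True
```

A plain ASCII passphrase such as `password` fails the parity check (the letter `w` has an even number of 1-bits), which is exactly the situation the text warns about: an implementation that silently ignores the failed parity check ends up encrypting under a key the attacker can guess.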

Block encryption algorithms can be used in a number of different modes, such as ``electronic code book'' (ECB) and ``cipher block chaining'' (CBC). In nearly all cases, use CBC, and do not use ECB mode - in ECB mode, the same block of data always returns the same result inside a stream, and this is often enough to reveal what's encrypted. Many modes, including CBC mode, require an ``initialization vector'' (IV). The IV doesn't need to be secret, but it does need to be unpredictable by an attacker. Don't reuse IVs across sessions - use a new IV each time you start a session.

There are a number of different streaming encryption algorithms, but many of them have patent restrictions. I know of no patent or technical issues with WAKE. RC4 was a trade secret of RSA Data Security Inc; it's been leaked since, and we know of no real legal impediment to its use, but RSA Data Security has often threatened court action against users of it (it's not at all clear what RSA Data Security could do, but no doubt they could tie up users in worthless court cases). If you use RC4, use it as intended - in particular, always discard the first 256 bytes it generates, or you'll be vulnerable to attack. SEAL is patented by IBM - so don't use it. SOBER is patented; the patent owner has claimed that it will allow many uses for free if permission is requested, but this creates an impediment for later use. Even more interestingly, block encryption algorithms can be used in modes that turn them into stream ciphers, and users who want stream ciphers should consider this approach.
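The RC4 usage rule from the paragraph above (discard the first 256 keystream bytes), as an added Python example; it is neither code from the text nor from RSA Data Security. The `drop` parameter and its default of 256 follow the text; the only test vector used is the widely published one for key `Key` and plaintext `Plaintext`, which applies with no bytes dropped. Keystream biases found after this text was written extend well past the first bytes, and RFC 7465 has since prohibited RC4 in TLS.

```python
# Added example (not from the original text): RC4 with the first `drop`
# keystream bytes discarded, as the text recommends (default 256).

def rc4_keystream(key: bytes, drop: int = 256):
    """Yield RC4 keystream bytes, silently discarding the first `drop`."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 keys are 1 to 256 bytes")
    s = list(range(256))
    j = 0
    for i in range(256):                          # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    produced = 0
    while True:                                   # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        produced += 1
        if produced > drop:                       # the early bytes never leave
            yield s[(s[i] + s[j]) & 0xFF]

def rc4_crypt(key: bytes, data: bytes, drop: int = 256) -> bytes:
    """Encrypt or decrypt: the XOR with the keystream is the same operation."""
    ks = rc4_keystream(key, drop)
    return bytes(b ^ next(ks) for b in data)

if __name__ == "__main__":
    ct = rc4_crypt(b"Key", b"Plaintext")          # constructed sample, drop=256
    print(ct.hex(), rc4_crypt(b"Key", ct))
```

Because the discard happens inside the keystream generator, every caller gets it by default; both sides must of course agree on the same `drop` value or decryption yields garbage. The closing remark of the paragraph, that a block cipher run in a suitable mode (CTR, for instance) gives a stream cipher without these history issues, is the usual choice today.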

For public key cryptography (used, among other things, for signing and sending secret keys), there are only a few widely-deployed algorithms. One of the most widely-used algorithms is RSA; RSA's algorithm was patented, but only in the U.S., and that patent expired in September 2000, so RSA can be freely used. Never decrypt or sign a raw value that an attacker gives you directly using RSA and expose the result, because that could expose the private key (this isn't a problem in practice, because most protocols involve signing a hash computed by the user - not the raw value - or don't expose the result). Never decrypt or sign the exact same raw value multiple times (the original can be exposed). Both of these can be solved by always adding random padding (PGP does this) - the usual approach is called Optimal Asymmetric Encryption Padding (OAEP).
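The two rules in the paragraph above (sign a hash rather than an attacker-supplied raw value; randomize every encryption with padding), as an added Python example that is not code from the text. The key is a constructed toy built from two Mersenne primes, the padding is a simplified random prefix rather than real OAEP, and the digest is truncated only because the modulus is tiny; all three are assumptions made so the arithmetic stays visible.

```python
import hashlib
import secrets

# Constructed toy RSA key built from two Mersenne primes, 2^61-1 and 2^89-1,
# giving a modulus of about 150 bits. That is far too small for real use (the
# text calls even 512-bit keys unsafe); it keeps the arithmetic visible.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+ modular inverse)

MSG_BYTES = 8   # largest message this toy modulus carries in the functions below
PAD_BYTES = 7   # random bytes prepended by the randomized encryption

def encrypt_raw(m: bytes) -> int:
    """Textbook RSA with no padding: deterministic, so two encryptions of the
    same value are identical and an observer can tell when a value repeats."""
    if len(m) != MSG_BYTES:
        raise ValueError("raw mode expects exactly MSG_BYTES bytes")
    return pow(int.from_bytes(m, "big"), E, N)

def decrypt_raw(c: int) -> bytes:
    return pow(c, D, N).to_bytes(MSG_BYTES, "big")

def encrypt_padded(m: bytes) -> int:
    """Randomized encryption: fresh random bytes and a length byte are placed
    in front of the message before exponentiation. This mirrors the idea of
    OAEP (randomize every encryption) but is a simplified stand-in, not OAEP."""
    if len(m) > MSG_BYTES:
        raise ValueError("message too long for this toy key")
    padded = secrets.token_bytes(PAD_BYTES) + bytes([len(m)]) + m.ljust(MSG_BYTES, b"\x00")
    return pow(int.from_bytes(padded, "big"), E, N)

def decrypt_padded(c: int) -> bytes:
    padded = pow(c, D, N).to_bytes(PAD_BYTES + 1 + MSG_BYTES, "big")
    length = padded[PAD_BYTES]
    if length > MSG_BYTES:
        raise ValueError("corrupt ciphertext")
    return padded[PAD_BYTES + 1:PAD_BYTES + 1 + length]

def sign(message: bytes) -> int:
    """Sign a hash of the message, never the caller-supplied raw value. The
    SHA-256 digest is truncated to MSG_BYTES only so it fits this toy modulus;
    a real scheme uses the full digest inside PSS or PKCS#1 v1.5 encoding."""
    h = hashlib.sha256(message).digest()[:MSG_BYTES]
    return pow(int.from_bytes(h, "big"), D, N)

def verify(message: bytes, signature: int) -> bool:
    h = hashlib.sha256(message).digest()[:MSG_BYTES]
    return pow(signature, E, N) == int.from_bytes(h, "big")

if __name__ == "__main__":
    print(encrypt_raw(b"8bytes!!") == encrypt_raw(b"8bytes!!"))       # True: leaks repeats
    print(encrypt_padded(b"hello") == encrypt_padded(b"hello"))       # False: randomized
    print(verify(b"the message", sign(b"the message")))               # True
```

The point the test makes is the one the text makes: without padding, encrypting the same value twice is visible as the same ciphertext, and signing is a plain modular exponentiation of whatever the caller hands over; hashing first and padding with fresh randomness remove both properties.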

The Diffie-Hellman key exchange algorithm is widely used to permit two parties to agree on a session key. By itself it doesn't guarantee that the parties are who they say they are, or that there is no middleman, but it does strongly help defend against passive listeners; its patent expired in 1997. If you use Diffie-Hellman to create a shared secret, be sure to hash it first.
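The exchange described above, including hashing the shared secret before use, as an added Python example that is not code from the original text. It uses the real 2048-bit MODP group from RFC 3526 (group 14) and adds a peer-value validation step and a Miller-Rabin self-check that the text does not mention; the 256-bit private exponents and the context label in the key derivation are assumptions.

```python
import hashlib
import secrets

# 2048-bit MODP group from RFC 3526 (group 14): p is a safe prime (p = 2q + 1
# with q prime) and g = 2 generates the subgroup of prime order q.
P_HEX = """
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
"""
P = int("".join(P_HEX.split()), 16)
Q = (P - 1) // 2          # order of the subgroup generated by G
G = 2

def is_probable_prime(n: int, rounds: int = 8) -> bool:
    """Miller-Rabin test, used here only to confirm the group parameters."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_private() -> int:
    """Random 256-bit private exponent (an assumption; ample for this group)."""
    return secrets.randbits(256) | 1

def public_value(private: int) -> int:
    return pow(G, private, P)

def shared_secret(private: int, peer_public: int) -> int:
    """Raw g^(ab) mod p, after rejecting peer values that are out of range or
    outside the prime-order subgroup (0, 1 and p-1 would make the result
    predictable regardless of our own private exponent)."""
    if not 2 <= peer_public <= P - 2 or pow(peer_public, Q, P) != 1:
        raise ValueError("invalid peer public value")
    return pow(peer_public, private, P)

def derive_key(secret: int, context: bytes = b"example session key") -> bytes:
    """Hash the shared secret before use, as the text advises: the raw value is
    a structured group element, not uniformly random bytes. SHA-256 over its
    fixed-width encoding plus a context label gives a 32-byte key."""
    width = (P.bit_length() + 7) // 8
    return hashlib.sha256(secret.to_bytes(width, "big") + context).digest()

def run_exchange() -> tuple:
    """Both sides of one exchange; returns the key each side derived."""
    a, b = generate_private(), generate_private()
    A, B = public_value(a), public_value(b)           # exchanged in the clear
    return derive_key(shared_secret(a, B)), derive_key(shared_secret(b, A))

if __name__ == "__main__":
    k1, k2 = run_exchange()
    print(k1 == k2, k1.hex())
```

Nothing here authenticates either side, which is the limitation the paragraph states: a middleman who runs two separate exchanges ends up with both keys. The subgroup check in `shared_secret` is the standard defensive measure against degenerate public values; it is cheap relative to the exchange itself.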

NIST developed the digital signature standard (DSS) (it's a modification of the ElGamal cryptosystem) for digital signature generation and verification; one of the conditions for its development was for it to be patent-free.

RSA, Diffie-Hellman, and ElGamal's techniques require more bits for the keys for equivalent security compared to typical symmetric keys; a 1024-bit key in these systems is supposed to be roughly equivalent to an 80-bit symmetric key. A 512-bit RSA key is considered completely unsafe; Nicko van Someren has demonstrated that such small RSA keys can be factored in 6 weeks using only already-available office hardware (never mind equipment designed for the job). In the past, a 1024-bit RSA key was considered reasonably secure, but recent advancements in factorization algorithms (e.g., by D. J. Bernstein) have raised concerns that perhaps even 1024 bits is not enough for an RSA key. Certainly, if your application needs to be highly secure or last beyond 2015, you should use a 2048-bit key.

If you need a public key that requires far fewer bits (e.g., for a smartcard), then you might use elliptic curve cryptography (IEEE P1363 has some suggested curves; finding curves is hard). However, be careful - elliptic curve cryptography isn't patented, but certain speedup techniques are patented.

Some programs need a one-way cryptographic hash algorithm, that is, a function that takes an ``arbitrary'' amount of data and generates a fixed-length number that is hard for an attacker to invert (e.g., it's difficult for an attacker to create a different set of data to generate that same value). For a number of years MD5 has been a favorite, but recent efforts have shown that its 128-bit length may not be enough [van Oorschot 1994] and that certain attacks weaken MD5's protection [Dobbertin 1996]. Indeed, there are rumors that a top industry cryptographer has broken MD5, but is bound by employee agreement to keep silent (see the Bugtraq 22 August 2000 posting by John Viega). Anyone can create a rumor, but enough weaknesses have been found that the idea of completing the break is plausible. If you're writing new code, use SHA-1 instead of MD5. Don't use the original SHA (now called ``SHA-0''); SHA-0 had the same weakness that MD5 does. If you need more bits in your hash algorithm, use SHA-256, SHA-384, or SHA-512; you can get the specifications in NIST FIPS PUB 180-2.


Vocabulary tasks

Form different parts of speech and translate them.

Cryptography


Give your definitions of the following terms.

Plaintext, encryption, ciphertext, decryption


Make the word combinations.

  1. incompatible a) of tools

  2. communicating b) protection

  3. keyring c) attack

  4. brute d) authentication

  5. integrity e) standards

  6. string f) information

  7. optional g) force

  8. authenticate h) server

  9. man-in-the middle i) of binary

  10. suite j) host


What do the following abbreviations from Text 1 mean?

RSA, IPSec, VPN, SSL


Find abbreviations in Text 2 and comment on their meaning.


Translate into Russian the following paragraph.

Serpent is an AES submission by Ross Anderson, Eli Biham, and Lars Knudsen. Its authors combined the design principles of DES with the recent development of bitslicing techniques to create a very secure and very fast algorithm. While bitslicing is generally used to encrypt multiple blocks in parallel, the designers of Serpent have embraced the technique of bitslicing and incorporated it into the design of the algorithm itself. Serpent uses 128 bit blocks and 256 bit keys. Like DES, Serpent includes an initial and final permutation of no cryptographic significance; these permutations are used to optimize the data before encryption. Serpent was released at the 5th International Workshop on Fast Software Encryption. Serpent 1 resists both linear and differential attacks.


Complete the text by translating Russian phrases given in brackets.

The use of public key cryptography is thus conceptually simple. But two immediate worries may spring to mind. A first concern is that although (1 an intruder intercepting Alice's encoded message) will only see gibberish, the intruder knows both the key (Bob's public key, (2 which is available to everyone)) and the algorithm that Alice used for encryption. Trudy can thus mount (3 a chosen-plaintext attack), using the known standardized encryption algorithm and Bob's publicly available encryption key to encode any message she chooses. Trudy might well try, for example, to encode messages, or parts of messages, that she suspects that Alice might send. Clearly, if public key cryptography is to work, (4 key selection) and encryption/decryption must be done in such a way that it is impossible (or at least so hard as to be impossible for all practical purposes) for an intruder to either determine Bob's private key or somehow otherwise (5 decrypt or guess) Alice's message to Bob. A second concern is that since Bob's encryption key is public, (6 anyone can send an encrypted message to Bob), including Alice or someone claiming to be Alice. In the case of a single shared secret key, the fact that the sender knows the secret key (7 implicitly identifies the sender). In the case of public key cryptography, however, this is no longer the case since anyone can send an encrypted message to Bob using Bob's publicly available key. Certificates, which we will study later, (8 are needed to bind a person to a specific public key).


Translate into English

Although there are many algorithms and keys with this property, the RSA algorithm (named after its developers R. Rivest, A. Shamir and L. Adleman) has become practically synonymous with public-key cryptosystems. Let us first consider how the RSA algorithm works. Suppose Bob wants to send an encrypted message. RSA consists of two interrelated components:

– the choice of the public and private keys,

– the encryption and decryption algorithm.


Translate into English the following paragraph.

The DES algorithm is the first example of wide-scale production and deployment of hardware in the field of information protection. By now several dozen hardware and software devices implementing the DES algorithm are produced. To release such a device, a certificate from the National Bureau of Standards for the right to sell the product must be obtained; it is issued only after a thorough check using special test procedures.

A high encryption speed has been reached. According to some reports, in one device based on a special-purpose chip it is about 45 Mbit/s.

Main areas of application of the DES algorithm:

- data storage in computers (encryption of files and passwords);

- electronic payment systems (between a client and a bank);

- electronic exchange of commercial information (between a buyer and a seller).


Grammar

Past Time. Active and Passive Voice.

Active Voice.

Past Simple.

Use. A single action in the past.

Formation.

I worked / wrote. I did not work / write.

He worked / wrote. He did not work / write.

She worked / wrote. She did not work / write.

It worked / wrote. It did not work / write.

We worked / wrote. We did not work / write.

You worked / wrote. You did not work / write.

They worked / wrote. They did not work / write.


Past Continuous.

Use. An action in progress, taking place at a definite moment or lasting over a clearly bounded period in the past. I was watching TV the whole evening yesterday. Time markers: at 5 o'clock yesterday, from 5 till 6 yesterday, the whole evening, when mother came home.

Formation.

I was working. I was not working.

He was working. He was not working.

She was working. She was not working.

It was working. It was not working.

We were working. We were not working.

You were working. You were not working.

They were working. They were not working.


Grammar tasks


Test A. Write the sentences in Past Simple or Past Continuous.

1. He works 10 hours a day.

2. He is thinking of going to Canada.

3. He doesn’t perform this sort of task.

4. He can write a program for you.

5. He doesn’t know what their group is doing.


Test B. Write negative sentences and questions to the sentences of task A.


Test C. Put the verbs in brackets in the correct form, Past Simple or Past Continuous.

C.E. Shannon (1 develop) a method for symbolic analysis of switching systems and networks in the late 1930s. He (2 work) at Bell Laboratories when he (3 publish) a paper on information theory. He and his IBM colleagues (4 contribute) to the early research in this field. Rochester (5 take part) in the MIT Artificial Intelligence Project. When we (6 come), the professor (7 deliver) the lecture.


Passive Voice.

Use. The passive voice is used when the doer of the action is unimportant or unknown. For the speaker it is far more important to describe the action performed on the object. This feature of the passive voice is reflected in how sentences are built.

Building sentences in the passive voice. The object of the action is of most interest, so what the action is directed at takes the place of the subject in a passive sentence. The doer of the action is either not mentioned or follows the verb with the preposition by. Passive sentences are built on the pattern be + third form of the verb, with be in the corresponding tense. The form of be must agree with the person and number of the subject, as the examples show.

Past Simple: This house was built in 1824.

Past Continuous: The lecturer was being listened to.

Past Perfect: When he came, dinner had been cooked.

Future-in-the-Past Perfect: (He said that) the letter would have been written by 5 o'clock the next day.
